Facebook, Microsoft, Amazon, Apple and Oracle all have a whole lot more users than NetBSD. To most people, NetBSD brings absolutely nothing that Linux doesn't bring. NetBSD may run in some routers, but Linux probably runs in a *lot* more routers. Even FreeBSD may run in more routers than NetBSD (JunOS is FreeBSD based..).
So, to most of us, NetBSD is "meh, don't care". Sorry.
Apple is heading fast into the direction Microsoft went in the nineties. Even today news came out that Apple spends more on patents than on R&D. Now my question: what are your feelings towards Linux developers and users buying Apple hardware in order to run Linux on it? Do you feel they are in a way approving the way Apple operates nowadays?
No it isn't. Wikipedia was known by the general public before you linked them from your comment. Furthermore, the content on wikipedia isn't infringing.
I've got copies of music available on my private server at home. That server can be reached from the internet. If you'd somehow found out the url of the copied songs, then you'd be publishing (i.e. making them known to the general public) them, which would be infringing. And my personal copies are legal since I'm allowed to make a private copy of music I own.
Copyright law protects Security By Obscurity. So the judge was correct in this case.
In order in infringe on copyright law, you'll have to make a copied work public. So, as long as you don't publish a copied work (i.e. keeping it obscure), it's not an infringement. This, for instance, allows you to make a private copy of a copyrighted work without infringing on copyright law.
In this case, a private copy was made. Nobody knew where to find the copy, except for the person who placed the copy online. So, while the copy was on the internet, it wasn't public. Geenstijl made the copy public by making the URL known to the general public. Therefore Geenstijl infringed on dutch copyright law.
Any competent CA uses an HSM. I can even imagine using an HSM is a requirement for inclusion into the default CA bundle in webbrowsers.
An HSM is a Hardware Signing Module. It's a piece of hardware (supported by OpenSSL, by the way) which holds the secret keys. Secret keys cannot possibly be copied out of the HSM, except for backup purposes. But the backups are encrypted within the HSM itself, so the backed up keys can't be used for signing.
Diginotar, as most CA's I know of, uses multiple secret keys. One key is used for automated signing, typically used with Domain Validated certificates (blue address bar in your browser). For this key, a passphrase is kept somewhere available for the automated process, which of course is unsafe. Another key is used for higher security certificates. This is why not all certificates issued by diginotar are untrusted now. The certificates used by the Dutch governement for example, are signed with another key than the compromised key used for *.google.com.
So, nobody got hold of the private key -- it's safely in the HSM. Not all of Diginotar is untrusted, just the key used for signing *.google.com. Removing Diginotar entirely from browsers is a bit of an overreaction. It also causes distrust of certificates not signed by the key used for *.google.com. This includes the central Dutch identity service, DigiD. DigiD is used for authenticated the inhabitants of the Netherlands to websites operated by the governement, so removing the entirety of Diginotar from browsers has a very large and unintended side effect.
At some point, connection quality on IPv4 will be worse than connection quality on IPv6 for a significant amount of people. Their CGNAT may be overloaded. They may run applications which don't work correctly behind CGNAT.
When this point is reached, dual stacked hosting will be an advantage over IPv4-only hosting. Search engines may start to weigh in IPv6-reachablilty of sites. When this happens, you'll want to be with a hoster which supports IPv6 already.
I don't think the first push to IPv6 will be on the web. I think I'll be on peer to peer protocols and gaming. People soon will start to notice that carrier grade nat will work mostly fine to connect to webservers. However, they'll also notice their VoIP will suck. The connection to the game server will lag on IPv4 via NAT.
To webservers, they'll notice they can't post to any popular bulletin boards. The external CGNAT IP is likely to be banned from posting due to some other customer on the same CGNAT posting abusive messages. They may not be able to submit their mail to their favorite SMTP server because of a DNSBL.
So, they'll want IPv6 to avoid the GCNAT. IPv6 to them will be the superior solution to connect to specific services on the internet. So, I think this will start the snowball effect. When more and more users are demanding IPv6 servers due to the limited CGNAT they're behind, more and more server operators will think the transition to IPv6 will be worthwhile.
So yes, we'll be on dual stack for a while. But the IPv6 internet will soon be superior due to CGNAT being cumbersome to the end user.
Yes, port 587. This is the port authenticated clients can connect to (eg not spammers). So, run your mailserver externally with port 25 incoming and outgoing unblocked. From behind a line with port 25 outgoing blocked, you connect to this server using port 587 and smtp auth. Problem solved.
The OP can also solve his problem easily and cheaply by using comcast's outgoing smtp servers as smarthost.
I am in the business and I'm investing in IPv6-capable hardware, converting websites to support IPv6 (for instance when storing remote IPs from visitors), etc. All these things cost real money for no real immediate gain. We're going to use it as a marketing instrument to try and gain an advantage over competitors and when the real IPv4-crunch is there, we'll be ready.
I'm not trying to make money off you. And that's exactly what's the difficulty charging for IPs: who's getting the money? And what are they going to do with it?
Either way, 2011-2012 is going to be a very interesting couple of years.
The sollution is to put a price on IPv4 blocks. And make them increasingly expensive. Currenty there's NO economic insentive to upgrade to IPv6 because IPv4 is free and IPv6 for all practical purposes costs money (because of investments in routers, training, time to set up, etc).
Demanding IPv4 address space is free has been the biggest mistake in the transition to IPv6. Now it only can be fixed by a very rapid rise in price which is undesireable.
ISPs are issued/32's. They subdivide it to their customers as/48's who can divide it up to/64's for individual lans. That's right. Even a tunnel holding 2 devices is usually issued a/64 which will waste 2^64-4 addresses.
Since a RIR is issued a/16, we can have:
64K RIRs (we have 6) (some/16s are reserved)
64K large ISPs per RIR (or the RIR can just add another/16 to their pool)
64K large customers per ISP
64K networks per large customer
Note that an access provider (ADSL, cable) can divide their individual customers up in 64K * 64K networks.
So, while IPv6 brings a whole lot more allocatable space than IPv4, in practice it's a lot less than 2^128 addresses because of a lot of waste in the addressing space.
Your son didn't have ADHD. If he doesn't have ADHD now, he didn't have it then. It's a very common myth only children can have ADHD. Wrong. When you're born with ADHD, you die with ADHD.
You don't see many adults with ADHD because the diagnosis only became common about 15-20 years ago. Also, adults tend not to go to school (and therefore need less focus) and are less active than children anyway.
According to my girlfriend (who's got ADHD), ritalin is a stimulant. It makes non-ADHD'ers hyperactive.
The reason is that in an ADHD brain, the 'control'-part isn't working hard enough, making you very impulsive. And if you act on every impulse, you're hyperactive. So, you have to stimulate the 'control'-part of the brain, keeping the impulses in check.
Somebody without ADHD has got the exact same impulses, but is just better in controlling them. Unless the brain is overstimulated by something like ritalin..
So, no, the kids aren't turned into zombies. On the contrary.
Note that you could have followed the blue U-number signs starting at the Autobahn exit. They will lead you back to the next entry and hopefully past the blockage.
The german road system is brilliant. Here in the Netherlands we're just starting to have the alternate U-routes, decades after the germans.
Won't work at all. First of all they're using hotmail to send their mail. Everybody uses hotmail, right?
Second, if they're using their ISP's smarthost, that smarthost will most likely happily accept any mail. And the smarthost won't be on a blacklist, since the botnet will just do direct-to-mx.
The only solution which is centrally enforceable is blocking smtp connections going out of the ISP network. Force endusers to use the ISP's smarthost. The botnet won't be able to do direct-to-mx, and the ISP can easily scan outgoing mail and block spammers.
95% (I made that number up) of all spam you receive originates from ISPs which don't block outgoing SMTP connections. The remaining 5% is sent from hacked webservers, corporate accounts, through smarthosts, etc.
So *please* encourage your ISP to filter outgoing SMTP connections. It makes the world a better place. If you don't like your ISP's smarthost, then just do SMTP AUTH over tcp port 587 to connect to some other smarthost outside their network.
That's what any raid controller worth their salt does. I've seen 3ware and areca controllers do this, and those aren't the most expensive controllers on the market by far.
What debacle are you refering to? The awesome bar is fast and useful. I rarely click bookmarks these days, I just type the name in the location bar and it will pop up soon enough.
It's possible to search through pages titles instead of urls.
It's never failed me. So what debacle?
I fail to see how the parent is a troll, regardless of whether he is right or not.
That's because I wasn't trolling. Yes, I do know people here on slashdot don't like to hear positive opinions on Vista, but in fact Vista isn't all that bad.
I use Linux exclusively on my desktop pc at home and at work. I've been using Linux for over a decade. When I bought a laptop a year and a half ago, it came with Vista. Vista is IMHO a great improvement over XP. It's not even slow on decent hardware.ÂI have yet to receive my first BSOD since SP1 was released. SP0 gave me a few BSODs, maybe 5 in total.
That being said, I use Linux for work and Vista for play. So the comparison may not be entirely fair.
Yes. Vista is rock solid on solid hardware. Seriously. Vista is as reliable as Linux. Some people wreck their vista installation, some people wreck their Linux installation.
smtps is rarely used these days. None of our customers are using it, I guess because most of them use clients such as outlook can't do it. They all do TLS, which is available on both port 25 and 587. And most mail servers disallow smtp auth over an unencrypted session.
Lots of provider-provider smtp traffic is now encrypted, and still uses (and will always continue to use) port 25.
The only difference between ports 25 and 587 is that 587 requires SMTP AUTH. Therefore, 587 is not suitable for delivery of mail to the MX of the domain of the recipient. 587 can only be used for the first injection of mail into the SMTP system from MDA to MTA.
By blocking port 25 outgoing, you're effectively forcing your customers to inject mail to your own relay, or to an external relay with smtp auth. Now suddenly clients can only reach a very limited number of smtp servers. This centralizes the problems caused by infected nodes to those few smtp servers. The problem can be dealt with on those few servers, in stead of the entire world.
All consumer-grade access providers should block port 25 outgoing. Really. I'm tempted to create a dnsbl listing providers who don't adhere to this policy.
Slashdot Mirror
Facebook, Microsoft, Amazon, Apple and Oracle all have a whole lot more users than NetBSD. To most people, NetBSD brings absolutely nothing that Linux doesn't bring. NetBSD may run in some routers, but Linux probably runs in a *lot* more routers. Even FreeBSD may run in more routers than NetBSD (JunOS is FreeBSD based..).
So, to most of us, NetBSD is "meh, don't care". Sorry.
Apple is heading fast into the direction Microsoft went in the nineties. Even today news came out that Apple spends more on patents than on R&D. Now my question: what are your feelings towards Linux developers and users buying Apple hardware in order to run Linux on it? Do you feel they are in a way approving the way Apple operates nowadays?
No it isn't. Wikipedia was known by the general public before you linked them from your comment. Furthermore, the content on wikipedia isn't infringing.
I've got copies of music available on my private server at home. That server can be reached from the internet. If you'd somehow found out the url of the copied songs, then you'd be publishing (i.e. making them known to the general public) them, which would be infringing. And my personal copies are legal since I'm allowed to make a private copy of music I own.
Copyright law protects Security By Obscurity. So the judge was correct in this case.
In order in infringe on copyright law, you'll have to make a copied work public. So, as long as you don't publish a copied work (i.e. keeping it obscure), it's not an infringement. This, for instance, allows you to make a private copy of a copyrighted work without infringing on copyright law.
In this case, a private copy was made. Nobody knew where to find the copy, except for the person who placed the copy online. So, while the copy was on the internet, it wasn't public. Geenstijl made the copy public by making the URL known to the general public. Therefore Geenstijl infringed on dutch copyright law.
This is the internet. What nation are you referring to?
Any competent CA uses an HSM. I can even imagine using an HSM is a requirement for inclusion into the default CA bundle in webbrowsers.
An HSM is a Hardware Signing Module. It's a piece of hardware (supported by OpenSSL, by the way) which holds the secret keys. Secret keys cannot possibly be copied out of the HSM, except for backup purposes. But the backups are encrypted within the HSM itself, so the backed up keys can't be used for signing.
Diginotar, as most CA's I know of, uses multiple secret keys. One key is used for automated signing, typically used with Domain Validated certificates (blue address bar in your browser). For this key, a passphrase is kept somewhere available for the automated process, which of course is unsafe. Another key is used for higher security certificates. This is why not all certificates issued by diginotar are untrusted now. The certificates used by the Dutch governement for example, are signed with another key than the compromised key used for *.google.com.
So, nobody got hold of the private key -- it's safely in the HSM. Not all of Diginotar is untrusted, just the key used for signing *.google.com. Removing Diginotar entirely from browsers is a bit of an overreaction. It also causes distrust of certificates not signed by the key used for *.google.com. This includes the central Dutch identity service, DigiD. DigiD is used for authenticated the inhabitants of the Netherlands to websites operated by the governement, so removing the entirety of Diginotar from browsers has a very large and unintended side effect.
At some point, connection quality on IPv4 will be worse than connection quality on IPv6 for a significant amount of people. Their CGNAT may be overloaded. They may run applications which don't work correctly behind CGNAT.
When this point is reached, dual stacked hosting will be an advantage over IPv4-only hosting. Search engines may start to weigh in IPv6-reachablilty of sites. When this happens, you'll want to be with a hoster which supports IPv6 already.
I don't think the first push to IPv6 will be on the web. I think I'll be on peer to peer protocols and gaming. People soon will start to notice that carrier grade nat will work mostly fine to connect to webservers. However, they'll also notice their VoIP will suck. The connection to the game server will lag on IPv4 via NAT.
To webservers, they'll notice they can't post to any popular bulletin boards. The external CGNAT IP is likely to be banned from posting due to some other customer on the same CGNAT posting abusive messages. They may not be able to submit their mail to their favorite SMTP server because of a DNSBL.
So, they'll want IPv6 to avoid the GCNAT. IPv6 to them will be the superior solution to connect to specific services on the internet. So, I think this will start the snowball effect. When more and more users are demanding IPv6 servers due to the limited CGNAT they're behind, more and more server operators will think the transition to IPv6 will be worthwhile.
So yes, we'll be on dual stack for a while. But the IPv6 internet will soon be superior due to CGNAT being cumbersome to the end user.
Yeah, and we all saw what happened to the independence of the states due to the totalitarian federal governement of the united states.
Yes, port 587. This is the port authenticated clients can connect to (eg not spammers). So, run your mailserver externally with port 25 incoming and outgoing unblocked. From behind a line with port 25 outgoing blocked, you connect to this server using port 587 and smtp auth. Problem solved.
The OP can also solve his problem easily and cheaply by using comcast's outgoing smtp servers as smarthost.
I am in the business and I'm investing in IPv6-capable hardware, converting websites to support IPv6 (for instance when storing remote IPs from visitors), etc. All these things cost real money for no real immediate gain. We're going to use it as a marketing instrument to try and gain an advantage over competitors and when the real IPv4-crunch is there, we'll be ready.
I'm not trying to make money off you. And that's exactly what's the difficulty charging for IPs: who's getting the money? And what are they going to do with it?
Either way, 2011-2012 is going to be a very interesting couple of years.
The sollution is to put a price on IPv4 blocks. And make them increasingly expensive. Currenty there's NO economic insentive to upgrade to IPv6 because IPv4 is free and IPv6 for all practical purposes costs money (because of investments in routers, training, time to set up, etc).
Demanding IPv4 address space is free has been the biggest mistake in the transition to IPv6. Now it only can be fixed by a very rapid rise in price which is undesireable.
ISPs are issued /32's. They subdivide it to their customers as /48's who can divide it up to /64's for individual lans. That's right. Even a tunnel holding 2 devices is usually issued a /64 which will waste 2^64-4 addresses.
Since a RIR is issued a /16, we can have:
64K RIRs (we have 6) (some /16s are reserved) /16 to their pool)
64K large ISPs per RIR (or the RIR can just add another
64K large customers per ISP
64K networks per large customer
Note that an access provider (ADSL, cable) can divide their individual customers up in 64K * 64K networks.
So, while IPv6 brings a whole lot more allocatable space than IPv4, in practice it's a lot less than 2^128 addresses because of a lot of waste in the addressing space.
Your son didn't have ADHD. If he doesn't have ADHD now, he didn't have it then. It's a very common myth only children can have ADHD. Wrong. When you're born with ADHD, you die with ADHD.
You don't see many adults with ADHD because the diagnosis only became common about 15-20 years ago. Also, adults tend not to go to school (and therefore need less focus) and are less active than children anyway.
According to my girlfriend (who's got ADHD), ritalin is a stimulant. It makes non-ADHD'ers hyperactive.
The reason is that in an ADHD brain, the 'control'-part isn't working hard enough, making you very impulsive. And if you act on every impulse, you're hyperactive. So, you have to stimulate the 'control'-part of the brain, keeping the impulses in check.
Somebody without ADHD has got the exact same impulses, but is just better in controlling them. Unless the brain is overstimulated by something like ritalin..
So, no, the kids aren't turned into zombies. On the contrary.
"uninitialized data" is meaningless. It's something only a programmer would understand.
Instead tell the user what *he* did wrong and tell him how to correct the situation.
"No recipient address given. Please enter the the e-mail address of the recipient and try again".
Note that you could have followed the blue U-number signs starting at the Autobahn exit. They will lead you back to the next entry and hopefully past the blockage.
The german road system is brilliant. Here in the Netherlands we're just starting to have the alternate U-routes, decades after the germans.
Probably just tickets. They're often confused with bugs.
Won't work at all. First of all they're using hotmail to send their mail. Everybody uses hotmail, right?
Second, if they're using their ISP's smarthost, that smarthost will most likely happily accept any mail. And the smarthost won't be on a blacklist, since the botnet will just do direct-to-mx.
The only solution which is centrally enforceable is blocking smtp connections going out of the ISP network. Force endusers to use the ISP's smarthost. The botnet won't be able to do direct-to-mx, and the ISP can easily scan outgoing mail and block spammers.
95% (I made that number up) of all spam you receive originates from ISPs which don't block outgoing SMTP connections. The remaining 5% is sent from hacked webservers, corporate accounts, through smarthosts, etc.
So *please* encourage your ISP to filter outgoing SMTP connections. It makes the world a better place. If you don't like your ISP's smarthost, then just do SMTP AUTH over tcp port 587 to connect to some other smarthost outside their network.
How do you determine an smtp connection to be 'too much like a bot'? I'm genuinely interested because I'd like to be able to do that too.
That's what any raid controller worth their salt does. I've seen 3ware and areca controllers do this, and those aren't the most expensive controllers on the market by far.
What debacle are you refering to? The awesome bar is fast and useful. I rarely click bookmarks these days, I just type the name in the location bar and it will pop up soon enough. It's possible to search through pages titles instead of urls. It's never failed me. So what debacle?
I fail to see how the parent is a troll, regardless of whether he is right or not.
That's because I wasn't trolling. Yes, I do know people here on slashdot don't like to hear positive opinions on Vista, but in fact Vista isn't all that bad.
I use Linux exclusively on my desktop pc at home and at work. I've been using Linux for over a decade. When I bought a laptop a year and a half ago, it came with Vista. Vista is IMHO a great improvement over XP. It's not even slow on decent hardware.ÂI have yet to receive my first BSOD since SP1 was released. SP0 gave me a few BSODs, maybe 5 in total.
That being said, I use Linux for work and Vista for play. So the comparison may not be entirely fair.
Yes. Vista is rock solid on solid hardware. Seriously. Vista is as reliable as Linux. Some people wreck their vista installation, some people wreck their Linux installation.
smtps is rarely used these days. None of our customers are using it, I guess because most of them use clients such as outlook can't do it. They all do TLS, which is available on both port 25 and 587. And most mail servers disallow smtp auth over an unencrypted session.
Lots of provider-provider smtp traffic is now encrypted, and still uses (and will always continue to use) port 25.
The only difference between ports 25 and 587 is that 587 requires SMTP AUTH. Therefore, 587 is not suitable for delivery of mail to the MX of the domain of the recipient. 587 can only be used for the first injection of mail into the SMTP system from MDA to MTA.
By blocking port 25 outgoing, you're effectively forcing your customers to inject mail to your own relay, or to an external relay with smtp auth. Now suddenly clients can only reach a very limited number of smtp servers. This centralizes the problems caused by infected nodes to those few smtp servers. The problem can be dealt with on those few servers, in stead of the entire world.
All consumer-grade access providers should block port 25 outgoing. Really. I'm tempted to create a dnsbl listing providers who don't adhere to this policy.